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MEMORANDUM FOR : Associate Deputy Director of Administration 


25X1A Director, Consolidated SAFE Project Office/ODP 


SUBJECT : Proposal for Centralized Community Bibliographic 
and Document Retrieval System 


1. As you requested on 28 February, I have reviewed the 
proposal made to the Chairman of the Intelligence Handling 
Committee to provide the subject service to the community. In 
particular, I asked to review the security implica- 
tions of the service as proposed. 


2. As noted in the attached memorandum, the accessing of 
the RECON data hase by both the community and internal Agency 
users presents security problems. It appears that some of the 
data in this data base requires controlled access and must be 
screened out for outside users. If open access is given by the 
COINS network to this file, then about 164,000 records would 
have to be eliminated from the file. This would mean that 
internal users of that file would not have access to the com- 
plete file. Alternatively, external requests could be screened 
by a human intermediary such that the same files could be used 
for all users. Given the small number of external queries pro- 
jected, this would appear to be the preferred method of operation. 


3. Given the security considerations attached and the un- 
desirable cost of duplicating the service, it would appear that 
an internal service for free access by the Agency, but providing 
screened access to external users, would be the least expensive 
alternative. It should also be capable of sustaining the ex- 
ternal load as projected. 


4, These bibliographic files are indeed the files to be 
used on the SAFE system and hence any extension of current 
capabilities should be coordinated with the SAFE program to 
avoid developing this capability twice. If the IHC initiates 
a study on this subject, we would be happy to participate. 
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SUBJECT: Proposal for Centralized Community Bibliographic 
and Document Retrieval System 


5. I trust that either you or Mr. Eisenbeiss is still 
the representative for the IHC. I would be glad to discuss 
this further if you would like. 


25X1A 


cc: Acting Director of ODP 
Director of OCR 
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MEMORANDUM FOR: Director, Consolidated SAFE Project Office/ODP 
2BXIA ais 
SAFE Security Advisor 


SUBJECT : Proposal for Community Access to the 
Bibliographic Files Supported by RECON 


ne Before addressing the specific questions from 
D/ODP on the buckslip attached to ODP-8-2184, 25 January 1979, 
I read the memo to gain necessary background. It presents 
the subject proposal to the DCI Intelligence Information 
Handling Committee and develops three options for implementing 
the desired service. These are: 3a. Off-Line Service, 3b. 
Direct On~Line Service and 3c. On-Line Service through 
Intermediaries. The last, 3c. is impressive for the following 
reasons: (U) 


a. Provides a high degree of security without system 
complications. (U) 


b.. Is economical because it places the "filters" on 
the side of RECON where there is the least activity 
and because it does not require duplication of 
hardware or data. (U) 


on Is flexible and provides a smooth transition for 
the non-CIA users when RECON-supported bibliographic 
files become the Central Index File for SAFE. (U) 


ohn Provides a customized service for the diverse 
requestors by knowledgeable "librarians" so that 
much training and unwanted output can be eliminated. 
Because only 10 queries per day are reported now 
with an eventual growth projection to 50 per day 
later on, this method should remain economically 
feasible and responsive. (U) 


2. Preparing to answer the buckslip questions (copy 
attached), which are primarily associated with the 3b. 

Direct On~Line option, I discussed the matter with OCR/SAS, 
OCR/ISG/SAIO, OS/ISSG and various CSPO personnel to gather 
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information and statistics. All were most helpful. Froma 
security viewpoint, this option is the least desirable. 


However, 


certain general minimum security requirements can 


be identified. More might be necessary later on based on 
further details of the plan. (A-IOU) 


Qa 


The RECON terminals and printers at the non-CIA 
facilities would have to be dedicated and in areas 
meeting the requirements of the Combined Minimum 
Security Standards for Compartmented Information. 
These standards include physical, personnel and 
technical security. The link to RECON would have 
to be via an approved encrypted communication 
channel. (U) 


A "duplicate" data base of some sort will be 
needed as the least problematic way to serve the 
CIA users. A number of the ways you have suggested 
to provide parallel or serial updating of the 
bases sound promising. Because there are so many 
more CIA users even now —- about 300+ generating 
nearly three times as many queries as non-CIA - it 
is imperative to provide them direct access to a 
data base without "security gateways" (if such 
were available) or any other impedance to good 
service. As stated above, the outside use for 
which the dedicated host is suggested will start 
with an average of ten queries per day with a 
projected growth to fifty per day. (U) 


Another reason for a "duplicate" data base (and 
the reason for the quotation marks) is to retain 
present day dissemination restrictions. In the 
current off-line method of handling outside users, 
the OCR personnel screen out some requests or 
limit the response based on dissemination controls 
imposed on certain files by the data owners. A 
comprehensive, double layer set of codes is 
associated with the records for this purpose. 
About 164,000 records would currently be limited 
or screened out from an NFIB requestor. For an 
off-line or human intermediary system, spillage 
would present no serious problem. But for an 
interactive system for non-CIA users, a data base 
should be provided devoid of the restricted items 
so that the software does not have to be trusted 
to provide the control. (C) 
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as Depending on the file update method chosen for the 
two versions of bibliographic files, provisions 
would have to be made in the SAFE design to securely 
accommodate the communications for update. A 
twisted pair in the secure distribution grid could 
later be replaced by a dedicated channel on the 
WBCS when SAFE makes this available. (U) 


e. The transition from the current RECON system to 
the Central Index File of SAFE would also have to 
be addressed in the SAFE plan. Would it be 
possible, for instance, to install the "internal" 
version of the RECON-supported files directly in 
the SAFE Center-to-be? Or must a temporary secure 
home for it be provided which would be phased out 
later? The other transition would be in terms of 
the growth in internal users from the 300 mentioned 
above to the total SAFE user population. (U) 


£ If any new kind of access is approved for non-CIA 
users, this change would have to be submitted to 
the data owners involved in the RECON-supported 
files for their concurrence. Their Willingness to 
provide certain sensitive files to the present 
system might have been based on trust in the 
dissemination controls built into a human intermediary 
System. DDO would be especially sensitive to this. 


(C) 
3:5 All questions on the buckslip have been addressed 
in the above security requirements. In addition, other 


restraints are mentioned which go beyond the questions but 
which are pertinent. The guidance does not rely on security 
technology still developmental because I0C for RECON community 
use could be about a year after approval. Incidentally, the 
choice of 3a. (the slight enhancement of the current method) 
or the 3c. On-Line Human Intermediary options would allow 
easier implementation, although the remote terminals of 3c. 
would also have the requirements of Paragraph 2a above. (U) 


25X1A 
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MEMORANDUM FOR: Chief, Information Systens Security 
Group, Office of Security 


FROM © 25X1A 


Chief, Management Staff, ODP 


ae 


SUBJECT Proposal for a Centralized Community 
Bibliographic and Mecument featrieval 


System Operated by CIA 


1. During our meeting on 12 March with the Director 
of Data Processing, we briefly discussed a proposal that 
the Intelligence Information Handling Committee study 
the faasibility and desirability of adopting CIA's RECON 
bibliographic index and ADSTAR micrographic document 
storage and retrieval system as a Centralized Intelligencs: 
Community Bibliographic and Document Retrieval System, 
managed and operated for the Community by CIA. A cepy 
of the proposal, that was made by the CIA Member, INc <- 
Clifford ©. May, dr., is attached for your information. 


2. Inasmuch as considerable interest in the pro- 
posal is being expressed by IHC Committee members, this 
matter is called to your attention because of the possible 
security implications. 
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